Revert "WvPL License SDK release: beta-16.4.6"
This reverts commit a4762f0315.
This commit is contained in:
Buildbot
@@ -30,7 +30,7 @@ class WvPLLicenseCounter;
|
||||
// major version to line up with latest released OEMCryptoAPI version.
|
||||
const uint32_t kMajorVersion = 16;
|
||||
const uint32_t kMinorVersion = 4;
|
||||
const uint32_t kRelease = 6;
|
||||
const uint32_t kRelease = 5;
|
||||
|
||||
// Once a Widevine environment object is successfully initialized, generate a
|
||||
// Widevine session object for each license request. CreateSession() parses
|
||||
|
||||
@@ -8,7 +8,6 @@
|
||||
#include "common/drm_root_certificate.h"
|
||||
#include "common/security_profile_list.h"
|
||||
#include "common/status.h"
|
||||
#include "license_server_sdk/internal/environment_impl.h"
|
||||
|
||||
namespace video_widevine {
|
||||
class Environment {
|
||||
@@ -31,190 +30,16 @@ class Environment {
|
||||
// Returns true if service certificate is loaded.
|
||||
bool is_service_certificate_loaded();
|
||||
|
||||
// Specify a comma separated list of system Ids that can support having
|
||||
// OEMCrypto version, as specified in the license request, reflected back in
|
||||
// the Key Control Block which is used by partner. Otherwise, only 'kctl' or
|
||||
// 'kc09' is returned in KCB.
|
||||
void SetDevicesToHandleOEMCryptoVersionInKCB(
|
||||
const std::string& system_id_list);
|
||||
|
||||
void SetPreProvisioningKeys(const std::map<uint32_t, std::string>& keys);
|
||||
|
||||
void SetPreProvisioningKeys(const std::multimap<uint32_t, std::string>& keys);
|
||||
|
||||
// Set the certificate status list system-wide.
|
||||
// |expiration_period| is the number of seconds until the
|
||||
// certificate_status_list expires after its creation time
|
||||
// (creation_time_seconds). If |allow_unknown_devices| is false, an error is
|
||||
// returned if the device does not appear in the certificate_status_list.
|
||||
Status SetCertificateStatusList(const std::string& certificate_status_list,
|
||||
uint32_t expiration_period_seconds,
|
||||
bool allow_unknown_devices);
|
||||
|
||||
// Enable delivery of licenses to client devices. This includes devices with
|
||||
// TEST_ONLY status, and development platform verification certificates.
|
||||
// Defaults to false.
|
||||
void AllowDevelopmentClients(bool enable);
|
||||
|
||||
// Enable delivery of licenses to TEST_ONLY client devices.
|
||||
// |device_list_make| is a comma separated list of devices to allow even
|
||||
// if the device is in a TEST_ONLY state. This list wil be used only if
|
||||
// AllowDevelopmentClient(false) is in use.
|
||||
void AllowTestOnlyDevicesByMake(const std::string& device_list_make);
|
||||
|
||||
// Enable delivery of licenses to TEST_ONLY client devices.
|
||||
// |device_list_provider| is a comma separated list of provider to allow
|
||||
// even if the device is in a TEST_ONLY state. This list wil be used only if
|
||||
// AllowDevelopmentClient(false) is in use.
|
||||
void AllowTestOnlyDevicesByProvider(const std::string& device_list_provider);
|
||||
|
||||
// Enable delivery of licenses to revoked client devices. |system_id_list| is
|
||||
// a comma separated list of systems Ids to allow even if revoked.
|
||||
void AllowRevokedDevices(const std::string& system_id_list);
|
||||
|
||||
// A comma separated list of DRM Certificate Serial Numbers that are revoked.
|
||||
void RevokedDrmCertificateSerialNumbers(
|
||||
const std::string& drm_certificate_serial_numbers);
|
||||
|
||||
// Restriction on core message features. If this is an empty string, the
|
||||
// default feature set is used. If it is an integer, that is the ODK version
|
||||
// supported. This restricts the features that the server will support in an
|
||||
// oemcrypto core message. For example, we may restrict the server to never
|
||||
// send a v17 message by setting the std::string to "16". For details, please see
|
||||
// common/oemcrypto_core_message/odk/include/core_message_features.h
|
||||
void SetCoreMessageFeatures(const std::string& core_message_features);
|
||||
|
||||
// Creates a Session object.
|
||||
// |root_cert| is the root certificate to be used to validate client
|
||||
// credentials.
|
||||
// |signed_license_request| is the serialized SignedMessage received from the
|
||||
// client. |session| points to a Session*, which must be initialized to NULL
|
||||
// on entry, but |session| itself may not be NULL. The new Session object will
|
||||
// be owned by the caller. This method returns Status::OK if successful,
|
||||
// or an appropriate error status, in which case
|
||||
// Environment::GenerateErrorResponse should be invoked.
|
||||
// Example usage:
|
||||
// Environment env = absl::make_unique<Environment>(kProvider,
|
||||
// drm_root_cert);
|
||||
// Session* session = NULL;
|
||||
// Status status = env->CreateSession(root_cert, request_from_client,
|
||||
// &session);
|
||||
// if (!status.ok()) {
|
||||
// std::string error_license;
|
||||
// if (env->GenerateErrorResponse(status, &error_license)) {
|
||||
// // Send error_license to the client.
|
||||
// } else {
|
||||
// // Handle error
|
||||
// }
|
||||
// return ...
|
||||
// }
|
||||
// // Create license, invoke GenerateSignedLicense, etc.
|
||||
Status CreateSession(const std::string& signed_license_request,
|
||||
Session** session);
|
||||
|
||||
// Create a session for generating a license. This variation of Create takes
|
||||
// options to allow for the creation of the session to succeed even if the
|
||||
// device is revoked.
|
||||
Status CreateSessionWithOptions(const std::string& signed_license_request,
|
||||
const SessionCreateOptions& options,
|
||||
Session** session);
|
||||
|
||||
// Variation of Environment::CreateSession which also fills in the parsed
|
||||
// LicenseRequest, for use in logging or debugging.
|
||||
Status CreateSession(const std::string& signed_license_request,
|
||||
const SessionCreateOptions& options, Session** session,
|
||||
LicenseRequest* parsed_request_out);
|
||||
|
||||
// Same as CreateSession(), but caller can specify the ClientIdentification
|
||||
// message and/or PlatformVerificationStatus. If ClientIdentification is
|
||||
// specified, this variation of Create() will use the specified |client_id|
|
||||
// instead of what is specified in |signed_license_request|. If
|
||||
// PlatformVerificationStatus is specified, this method will use the specified
|
||||
// |platform_verification_status| instead of attempting to determine it.
|
||||
// Background for this function is to support cases where the client
|
||||
// identification is encrypted with the provider's service certificate in
|
||||
// which case we won't be able to decrypt OR when the provider determines
|
||||
// platform verification. The provider will specify the
|
||||
// clear client identification in |client_id| and the platform verification
|
||||
// in |platform_verification_status|.
|
||||
Status CreateSessionForProxy(
|
||||
const std::string& signed_license_request,
|
||||
const PlatformVerificationStatus platform_verification_status,
|
||||
const ClientIdentification* client_id,
|
||||
const SessionCreateOptions& options, Session** session,
|
||||
LicenseRequest* parsed_request_out);
|
||||
|
||||
// Generates a SignedMessage containing a message generated in response to
|
||||
// an error condition. |status| is a previous error status returned by the
|
||||
// Session or Status(error::UNAVAILABLE, ...) to indicate that the
|
||||
// backend is unavailable, |signed_message| points to a std::string to contain the
|
||||
// serialized SignedMessage, and may not be NULL. This method returns true if
|
||||
// there is an error license to be sent to the client, or false otherwise.
|
||||
// Example usage in the Environment::Create comments above.
|
||||
bool GenerateErrorResponse(const Status& status,
|
||||
std::string* signed_message_bytes);
|
||||
|
||||
// DeriveKey uses the NIST 800-108 KDF recommendation, using AES-CMAC PRF.
|
||||
// NIST 800-108:
|
||||
// http://csrc.nist.gov/publications/nistpubs/800-108/sp800-108.pdf
|
||||
// AES-CMAC:
|
||||
// http://tools.ietf.org/html/rfc4493
|
||||
std::string DeriveKey(const std::string& key, const std::string& label,
|
||||
const std::string& context, const uint32_t size_bits);
|
||||
|
||||
// Returns a std::string containing the Widevine License Server SDK version in the
|
||||
// form <major_version>.<minor_version>.<release> <build date> <build time> .
|
||||
std::string GetSdkVersionString();
|
||||
|
||||
// If set to true, adds SDK and server version information to the license
|
||||
// response.
|
||||
void SetIncludeVersionInfoInLicense(bool include_version_info);
|
||||
|
||||
// Sets the service version information which can be included with the license
|
||||
// response. If SetIncludeVersionInfoInLicense() is set to true and the server
|
||||
// version is not empty, then the server version will be included in the
|
||||
// license response. The host_version must be <= 32 characters and limited to
|
||||
// alphanumeric and '_', '-', ':', ';', ' ', '/' and '.'.
|
||||
void SetHostServerVersion(const std::string& host_version);
|
||||
|
||||
// Generate a signed request to be sent to Widevine Certificate Provisioning
|
||||
// Server to retrieve 'DeviceCertificateStatusList'.
|
||||
Status GenerateDeviceStatusListRequest(
|
||||
std::string* signed_device_certificate_status_list_request);
|
||||
|
||||
// Set the custom device security profile list which is returned, from a call
|
||||
// to Widevine PublishedDevicesService.
|
||||
Status SetCustomDeviceSecurityProfiles(
|
||||
absl::string_view serialized_signed_device_security_profiles);
|
||||
|
||||
// Return a list of the default profile names.
|
||||
Status GetDefaultDeviceSecurityProfileNames(
|
||||
std::vector<std::string>* profile_names) const;
|
||||
|
||||
// Return the default profile associated with |profile_name|.
|
||||
Status GetDefaultDeviceSecurityProfile(
|
||||
absl::string_view profile_name,
|
||||
SecurityProfile* device_security_profile) const;
|
||||
|
||||
// Obtain the owner list for custom profiles.
|
||||
Status GetCustomDeviceSecurityProfileOwners(
|
||||
std::vector<std::string>* custom_profile_owners) const;
|
||||
|
||||
// Return a list of custom profile names associated with |owner_name|.
|
||||
Status GetCustomDeviceSecurityProfileNames(
|
||||
absl::string_view owner_name,
|
||||
std::vector<std::string>* profile_names) const;
|
||||
|
||||
// Return the custom profiles associated with |owner_name|.
|
||||
Status GetCustomDeviceSecurityProfiles(
|
||||
absl::string_view owner_name,
|
||||
std::vector<SecurityProfile>* custom_device_security_profiles) const;
|
||||
|
||||
private:
|
||||
// Returns the DRM root certificate configured for this environment.
|
||||
const video_widevine::DrmRootCertificate* drm_root_certificate() const;
|
||||
bool is_service_certificate_loaded_ = false;
|
||||
std::string provider_;
|
||||
// DRM root certificate used for verifying all other DRM certificates.
|
||||
const DrmRootCertificate* drm_root_certificate_;
|
||||
mutable absl::Mutex profile_mutex_;
|
||||
std::unique_ptr<video_widevine::SecurityProfileList>
|
||||
device_security_profile_list_;
|
||||
std::unique_ptr<EnvironmentImpl> env_impl_;
|
||||
device_security_profile_list_ ABSL_GUARDED_BY(profile_mutex_);
|
||||
friend class EnvironmentTest;
|
||||
};
|
||||
} // namespace video_widevine
|
||||
|
||||
@@ -83,17 +83,11 @@ class Session {
|
||||
const std::string& service_private_key,
|
||||
const std::string& service_private_key_passphrase);
|
||||
|
||||
// Deprecated.
|
||||
// TODO(b/187189998): This API is now available in environment.h. It will be
|
||||
// removed from this header file in the mid-Q3 2021 SDK release.
|
||||
// Enable delivery of licenses to client devices. This includes devices with
|
||||
// TEST_ONLY status, and development platform verification certificates.
|
||||
// Defaults to false.
|
||||
static void AllowDevelopmentClients(bool enable);
|
||||
|
||||
// Deprecated.
|
||||
// TODO(b/187189998): This API is now available in environment.h. It will be
|
||||
// removed from this header file in the mid-Q3 2021 SDK release.
|
||||
// Enable delivery of licenses to TEST_ONLY client devices.
|
||||
// |device_list_make| is a comma separated list of devices to allow even
|
||||
// if the device is in a TEST_ONLY state. This list wil be used only if
|
||||
@@ -101,15 +95,8 @@ class Session {
|
||||
static void AllowTestOnlyDevices(const std::string& device_list_make) {
|
||||
AllowTestOnlyDevicesByMake(device_list_make);
|
||||
}
|
||||
|
||||
// Deprecated.
|
||||
// TODO(b/187189998): This API is now available in environment.h. It will be
|
||||
// removed from this header file in the mid-Q3 2021 SDK release.
|
||||
static void AllowTestOnlyDevicesByMake(const std::string& device_list_make);
|
||||
|
||||
// Deprecated.
|
||||
// TODO(b/187189998): This API is now available in environment.h. It will be
|
||||
// removed from this header file in the mid-Q3 2021 SDK release.
|
||||
// Enable delivery of licenses to TEST_ONLY client devices.
|
||||
// |device_list_provider| is a comma separated list of provider to allow
|
||||
// even if the device is in a TEST_ONLY state. This list wil be used only if
|
||||
@@ -117,23 +104,14 @@ class Session {
|
||||
static void AllowTestOnlyDevicesByProvider(
|
||||
const std::string& device_list_provider);
|
||||
|
||||
// Deprecated.
|
||||
// TODO(b/187189998): This API is now available in environment.h. It will be
|
||||
// removed from this header file in the mid-Q3 2021 SDK release.
|
||||
// Enable delivery of licenses to revoked client devices. |system_id_list| is
|
||||
// a comma separated list of systems Ids to allow even if revoked.
|
||||
static void AllowRevokedDevices(const std::string& system_id_list);
|
||||
|
||||
// Deprecated.
|
||||
// TODO(b/187189998): This API is now available in environment.h. It will be
|
||||
// removed from this header file in the mid-Q3 2021 SDK release.
|
||||
// A comma separated list of DRM Certificate Serial Numbers that are revoked.
|
||||
static void RevokedDrmCertificateSerialNumbers(
|
||||
const std::string& drm_certificate_serial_numbers);
|
||||
|
||||
// Deprecated.
|
||||
// TODO(b/187189998): This API is now available in environment.h. It will be
|
||||
// removed from this header file in the mid-Q3 2021 SDK release.
|
||||
// Restriction on core message features. If this is an empty string, the
|
||||
// default feature set is used. If it is an integer, that is the ODK version
|
||||
// supported.
|
||||
@@ -201,9 +179,6 @@ class Session {
|
||||
const SessionCreateOptions& options, Session** session,
|
||||
LicenseRequest* parsed_request_out);
|
||||
|
||||
// Deprecated.
|
||||
// TODO(b/187189998): This API is now available in environment.h. It will be
|
||||
// removed from this header file in the mid-Q3 2021 SDK release.
|
||||
// Generates a SignedMessage containing a message generated in response to
|
||||
// an error condition. |status| is a previous error status returned by the
|
||||
// Session or Status(error::UNAVAILABLE, ...) to indicate that the
|
||||
@@ -214,18 +189,12 @@ class Session {
|
||||
static bool GenerateErrorResponse(const Status& status,
|
||||
std::string* signed_message_bytes);
|
||||
|
||||
// Deprecated.
|
||||
// TODO(b/187189998): This API is now available in environment.h. It will be
|
||||
// removed from this header file in the mid-Q3 2021 SDK release.
|
||||
// Generates a SignedMessage containing a service certificate for the
|
||||
// specified |provider_id|. This method returns true if a service certificate
|
||||
// exist for the provider.
|
||||
static bool GenerateServiceCertificateResponse(
|
||||
const std::string& provider_id, std::string* signed_message_bytes);
|
||||
|
||||
// Deprecated.
|
||||
// TODO(b/187189998): This API is now available in environment.h. It will be
|
||||
// removed from this header file in the mid-Q3 2021 SDK release.
|
||||
// DeriveKey uses the NIST 800-108 KDF recommendation, using AES-CMAC PRF.
|
||||
// NIST 800-108:
|
||||
// http://csrc.nist.gov/publications/nistpubs/800-108/sp800-108.pdf
|
||||
@@ -235,23 +204,14 @@ class Session {
|
||||
const std::string& context,
|
||||
const uint32_t size_bits);
|
||||
|
||||
// Deprecated.
|
||||
// TODO(b/187189998): This API is now available in environment.h. It will be
|
||||
// removed from this header file in the mid-Q3 2021 SDK release.
|
||||
// Returns a std::string containing the Widevine License Server SDK version in the
|
||||
// form <major_version>.<minor_version>.<release> <build date> <build time> .
|
||||
static std::string GetSdkVersionString();
|
||||
|
||||
// Deprecated.
|
||||
// TODO(b/187189998): This API is now available in environment.h. It will be
|
||||
// removed from this header file in the mid-Q3 2021 SDK release.
|
||||
// If set to true, adds SDK and server version information to the license
|
||||
// response.
|
||||
static void SetIncludeVersionInfoInLicense(bool include_version_info);
|
||||
|
||||
// Deprecated.
|
||||
// TODO(b/187189998): This API is now available in environment.h. It will be
|
||||
// removed from this header file in the mid-Q3 2021 SDK release.
|
||||
// Sets the service version information which can be included with the license
|
||||
// response. If SetIncludeVersionInfoInLicense() is set to true and the server
|
||||
// version is not empty, then the server version will be included in the
|
||||
@@ -259,17 +219,11 @@ class Session {
|
||||
// alphanumeric and '_', '-', ':', ';', ' ', '/' and '.'.
|
||||
static void SetHostServerVersion(const std::string& host_version);
|
||||
|
||||
// Deprecated.
|
||||
// TODO(b/187189998): This API is now available in environment.h. It will be
|
||||
// removed from this header file in the mid-Q3 2021 SDK release.
|
||||
// Generate a signed request to be sent to Widevine Certificate Provisioning
|
||||
// Server to retrieve 'DeviceCertificateStatusList'.
|
||||
static Status GenerateDeviceStatusListRequest(
|
||||
std::string* signed_device_certificate_status_list_request);
|
||||
|
||||
// Deprecated.
|
||||
// TODO(b/187189998): This API is now available in environment.h. It will be
|
||||
// removed from this header file in the mid-Q3 2021 SDK release.
|
||||
// Set the custom device security profile list which is returned, from a call
|
||||
// to Widevine PublishedDevicesService.
|
||||
static Status SetCustomDeviceSecurityProfiles(
|
||||
@@ -388,32 +342,20 @@ class Session {
|
||||
// 'Provider' making the request.
|
||||
virtual void set_provider(const std::string& provider);
|
||||
|
||||
// Deprecated.
|
||||
// TODO(b/187189998): This API is now available in environment.h. It will be
|
||||
// removed from this header file in the mid-Q3 2021 SDK release.
|
||||
// Obtain the owner list for custom profiles.
|
||||
virtual Status GetCustomDeviceSecurityProfileOwners(
|
||||
std::vector<std::string>* custom_profile_owners) const;
|
||||
|
||||
// Deprecated.
|
||||
// TODO(b/187189998): This API is now available in environment.h. It will be
|
||||
// removed from this header file in the mid-Q3 2021 SDK release.
|
||||
// Return a list of custom profile names associated with |owner_name|.
|
||||
virtual Status GetCustomDeviceSecurityProfileNames(
|
||||
absl::string_view owner_name,
|
||||
std::vector<std::string>* profile_names) const;
|
||||
|
||||
// Deprecated.
|
||||
// TODO(b/187189998): This API is now available in environment.h. It will be
|
||||
// removed from this header file in the mid-Q3 2021 SDK release.
|
||||
// Return the custom profiles associated with |owner_name|.
|
||||
virtual Status GetCustomDeviceSecurityProfiles(
|
||||
absl::string_view owner_name,
|
||||
std::vector<SecurityProfile>* custom_device_security_profiles) const;
|
||||
|
||||
// Deprecated.
|
||||
// TODO(b/187189998): This API is now available in environment.h. It will be
|
||||
// removed from this header file in the mid-Q3 2021 SDK release.
|
||||
// Return a list of default profile names obtained from default profiles.
|
||||
// The input argument |profile_names| cannot be null and it will be replaced
|
||||
// by the results.
|
||||
@@ -421,9 +363,6 @@ class Session {
|
||||
virtual Status GetDefaultDeviceSecurityProfileNames(
|
||||
std::vector<std::string>* profile_names) const;
|
||||
|
||||
// Deprecated.
|
||||
// TODO(b/187189998): This API is now available in environment.h. It will be
|
||||
// removed from this header file in the mid-Q3 2021 SDK release.
|
||||
// Return the default profile associated with |profile_name|.
|
||||
virtual Status GetDefaultDeviceSecurityProfile(
|
||||
absl::string_view profile_name,
|
||||
@@ -449,16 +388,9 @@ class Session {
|
||||
virtual LicenseRequest::RequestType request_type() const;
|
||||
|
||||
protected:
|
||||
Session(std::unique_ptr<SessionImpl> impl,
|
||||
SecurityProfileList* security_profile_list);
|
||||
Session(std::unique_ptr<ExternalPlayReadySessionImpl>
|
||||
external_playready_session_impl,
|
||||
SecurityProfileList* security_profile_list);
|
||||
// For testing only. This allows unit tests to define a mock Session class.
|
||||
Session();
|
||||
|
||||
friend class EnvironmentImpl;
|
||||
|
||||
private:
|
||||
#ifndef SWIG
|
||||
Session(const Session&) = delete;
|
||||
|
||||
Reference in New Issue
Block a user